Merge remote-tracking branch 'remotes/dev/1.10' into 1.10

src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBody.php → src/Oro/Bundle/EmailBundle/Command/ConvertEmailBodyToTextBodyCommand.php

@@ -8,13 +8,14 @@
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 
+use Oro\Bundle\EmailBundle\Entity\EmailBody;
 use Oro\Bundle\EmailBundle\Tools\EmailBodyHelper;
 
 /**
  * Converts email body representations.
  * Will be deleted in 2.0
  */
-class ConvertEmailBodyToTextBody extends ContainerAwareCommand
+class ConvertEmailBodyToTextBodyCommand extends ContainerAwareCommand
 {
     const COMMAND_NAME = 'oro:email:convert-body-to-text';
 
@@ -38,11 +39,11 @@ protected function configure()
     protected function execute(InputInterface $input, OutputInterface $output)
     {
         $output->writeln('<info>Conversion of emails body is started.</info>');
+        $container = $this->getContainer();
 
         /** @var Connection $connection */
-        $connection = $this->getContainer()->get('doctrine')->getConnection();
-
-        $tableName = $this->queryHelper->getTableName('Oro\Bundle\EmailBundle\Entity\EmailBody');
+        $connection = $container->get('doctrine')->getConnection();
+        $tableName = $container->get('oro_entity.orm.native_query_executor_helper')->getTableName(EmailBody::class);
         $selectQuery = 'select id, body from ' . $tableName . ' where body is not null and text_body is null '
             . 'order by created desc limit :limit offset :offset';
         $pageNumber = 0;

src/Oro/Bundle/EmailBundle/EventListener/Datagrid/EmailGridListener.php

@@ -8,10 +8,12 @@
 
 use Oro\Bundle\DataGridBundle\Datagrid\ParameterBag;
 use Oro\Bundle\DataGridBundle\Datasource\Orm\OrmDatasource;
+use Oro\Bundle\DataGridBundle\Entity\GridView;
+use Oro\Bundle\DataGridBundle\Entity\Manager\GridViewManager;
 use Oro\Bundle\DataGridBundle\Event\BuildAfter;
 use Oro\Bundle\DataGridBundle\Event\OrmResultBeforeQuery;
-
 use Oro\Bundle\EmailBundle\Datagrid\EmailQueryFactory;
+use Oro\Bundle\SecurityBundle\SecurityFacade;
 
 class EmailGridListener
 {
@@ -20,6 +22,16 @@ class EmailGridListener
      */
     protected $factory;
 
+    /**
+     * @var SecurityFacade
+     */
+    protected $securityFacade;
+
+    /**
+     * @var GridViewManager
+     */
+    protected $gridViewManager;
+
     /**
      * Stores join's root and alias if joins for filters are added - ['eu' => ['alias1']]
      *
@@ -29,10 +41,17 @@ class EmailGridListener
 
     /**
      * @param EmailQueryFactory $factory
+     * @param SecurityFacade $securityFacade
+     * @param GridViewManager $gridViewManager
      */
-    public function __construct(EmailQueryFactory $factory)
-    {
+    public function __construct(
+        EmailQueryFactory $factory,
+        SecurityFacade $securityFacade,
+        GridViewManager $gridViewManager
+    ) {
         $this->factory = $factory;
+        $this->securityFacade = $securityFacade;
+        $this->gridViewManager = $gridViewManager;
     }
 
     /**
@@ -87,6 +106,9 @@ protected function prepareQueryToFilter($parameters, QueryBuilder $queryBuilder,
     {
         $filters = $parameters->get('_filter');
         if (!$filters || !is_array($filters)) {
+            $filters = $this->getGridViewFiltersData();
+        }
+        if (!$filters) {
             return;
         }
         $this->filterJoins = [];
@@ -125,6 +147,24 @@ protected function prepareQueryToFilter($parameters, QueryBuilder $queryBuilder,
         }
     }
 
+    /**
+     * @return array
+     */
+    protected function getGridViewFiltersData()
+    {
+        $filters = [];
+        $user = $this->securityFacade->getLoggedUser();
+        if (!$user) {
+            return $filters;
+        }
+        /** @var GridView|null $gridView */
+        $gridView = $this->gridViewManager->getDefaultView($user, 'user-email-grid');
+        if (!$gridView) {
+            return $filters;
+        }
+
+        return $gridView->getFiltersData();
+    }
 
     /**
      *

src/Oro/Bundle/EmailBundle/Migrations/Data/ORM/CollectEmailBodyJobFixture.php

@@ -7,7 +7,7 @@
 
 use JMS\JobQueueBundle\Entity\Job;
 
-use Oro\Bundle\EmailBundle\Command\ConvertEmailBodyToTextBody;
+use Oro\Bundle\EmailBundle\Command\ConvertEmailBodyToTextBodyCommand;
 
 /**
  * Adds job to collect email body representations.
@@ -20,7 +20,7 @@ class CollectEmailBodyJobFixture extends AbstractFixture
      */
     public function load(ObjectManager $manager)
     {
-        $job = new Job(ConvertEmailBodyToTextBody::COMMAND_NAME, []);
+        $job = new Job(ConvertEmailBodyToTextBodyCommand::COMMAND_NAME, []);
         $manager->persist($job);
         $manager->flush($job);
     }

src/Oro/Bundle/EmailBundle/Resources/config/datagrid.yml

@@ -129,6 +129,11 @@ datagrid:
                         -
                             join: e.emailBody
                             alias: eb
+# The next join is performed in EmailGridListener, when any of grid filters are applied: folder, folders, mailbox.
+#                        -
+#                            join: eu.folders
+#                            alias: f
+# Attributes from f are used in ChoiceMessageTypeFilter also.
                 where:
                     and:
                         - >
@@ -313,7 +318,7 @@ datagrid:
                 select:
                     - partial e.{ id, subject, sentAt }
                     - partial eu.{ id, receivedAt, email }
-                    - eb.bodyContent AS body_content
+                    - eb.textBody AS body_content
                     - a
                     - CASE WHEN eu.seen = true THEN 0 ELSE 1 END as is_new
                 from:

src/Oro/Bundle/EmailBundle/Resources/config/services.yml

@@ -556,6 +556,8 @@ services:
         class: %oro_email.listener.datagrid.email.class%
         arguments:
             - '@oro_email.datagrid_query_factory'
+            - '@oro_security.security_facade'
+            - '@oro_datagrid.grid_view.manager'
         tags:
             - { name: kernel.event_listener, event: oro_datagrid.datagrid.build.after.base-email-grid, method: onBuildAfter }
             - { name: kernel.event_listener, event: oro_datagrid.orm_datasource.result.before_query.base-email-grid, method: onResultBeforeQuery, priority: -255 }

src/Oro/Bundle/SearchBundle/Engine/AbstractEngine.php

@@ -277,7 +277,7 @@ protected function createIterator($entityName, $offset = null, $limit = null, $c
      */
     protected function createIteratorCacheKey($entityName, $offset = null, $limit = null)
     {
-        return sprintf('%d.%d.%d', $entityName, $offset, $limit);
+        return sprintf('%s.%d.%d', $entityName, $offset, $limit);
     }
 
     /**

src/Oro/Bundle/UIBundle/Resources/public/js/modal.js

@@ -40,6 +40,21 @@ define([
             if (options.handleClose) {
                 this.events = _.extend({}, this.events, {'click .close': _.bind(this.onClose, this)});
             }
+
+            // Backbone.BootstrapModal is XSS vulnerable due to wrong template interpolation
+            // Escape all variables except "content"
+            if (options.hasOwnProperty('title')) {
+                options.title = _.escape(options.title);
+            }
+
+            if (options.hasOwnProperty('cancelText')) {
+                options.cancelText = _.escape(options.cancelText);
+            }
+
+            if (options.hasOwnProperty('okText')) {
+                options.okText = _.escape(options.okText);
+            }
+
             Modal.__super__.initialize.call(this, options);
         },
 

src/Oro/Bundle/WorkflowBundle/Resources/public/js/app/views/transition/transition-edit-view.js

@@ -28,9 +28,9 @@ define(function(require) {
             workflow: null,
             step_from: null,
             entity_select_el: null,
-            button_example_template: '<button type="button" class="btn <%= button_color %>">' +
-                '<% if (transition_prototype_icon) { %><i class="<%= transition_prototype_icon %>"/> <% } %>' +
-                '<%= label %></button>',
+            button_example_template: '<button type="button" class="btn <%- button_color %>">' +
+                '<% if (transition_prototype_icon) { %><i class="<%- transition_prototype_icon %>"/> <% } %>' +
+                '<%- label %></button>',
             allowed_button_styles: [
                 {
                     'label': __('Gray button'),

src/Oro/Bundle/WorkflowBundle/Resources/public/templates/workflow-steps-view.html

@@ -1,8 +1,8 @@
 <% if (typeof steps !== 'undefined' && steps.length > 0) { %>
-    <ul class="workflow-step-list nav <%= steps.length > 1 ? 'more-than-one-step' : 0 %>">
+    <ul class="workflow-step-list nav <%- steps.length > 1 ? 'more-than-one-step' : 0 %>">
         <% for (var i = 0; i < steps.length; i++ ) { %>
-        <li class="<%= steps[i].name === currentStep.name ? 'current' : (steps[i].processed ? 'processed' : '') %>">
-            <%= steps[i].label %>
+        <li class="<%- steps[i].name === currentStep.name ? 'current' : (steps[i].processed ? 'processed' : '') %>">
+            <%- steps[i].label %>
         </li>
         <% } %>
     </ul>